If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Decrypt password

Hi everyone,
I have a situation where I want to get back my users'password where the user might forget the password and the application want to sent to the particular user for the lost password. And also this is transparent to the system admin user.

Re: Decrypt password

Originally posted by ckwan Hi everyone,
I have a situation where I want to get back my users'password where the user might forget the password and the application want to sent to the particular user for the lost password. And also this is transparent to the system admin user.

Any ideas on this ?

Thanks

Well if that was possible, then there goes the security...

no you cannot decrypt the password, what you can do is save the encrypted password some where and then reuse it to reset the password to initial password in case the user losses his or her password.

You can not decrypt the password because it is not stored encrypted in the database dictionary!

The gibberish values that can be seen in DBA_USERS.PASSWORD column are not encripted passwords, they are hash values of passwords + corresponding usernames. So they are obteined by implementing some hashing alghorytm, not some encription alghorytm.

There is a huge difference between encryption and hashing. Encrypton is a reversible proces, while hashing is not. What that means? With encryption, you can allways get the original value from the encrypted value, provided that you have propper encryption key and an alghorytm. But with hashing process it is different. You can (generally speaking) never get the original value from the hashed value, even if you know the hashing algorythm. It is mathematicaly one-way process.

Oracle stores only hashed values of the passwords, so noone (including everyone in Oracle Corp.) can ever "guess" what the real password is, even if he got access to thos hashed passwords. The only way to get real password from its hash value is by use of brute force.

Jurij ModicASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?